Option 1 - Produce Secret with ca.crt, tls.crt and tls.key PEM values

Edit online

If you have CA certificate, server certificate, and server key values in PEM format, you can create Secret object manually and deploy it to the namespace where you plan to install ITX Runtime Server. Note that if you choose to manually create Secret object, you assume responsibility for its lifecycle, including management of the key and certificate values they store, and restarting the pods to pick up any updates made to the Secret content.

The following is an example of a Secret object with the name itx-rs-ssl-secret. Before applying it, replace the three indicated base64 value placeholders with the base64 encoded PEM certificates and keys:

apiVersion: v1
kind: Secret
metadata:
  name: itx-rs-ssl-secret
type: Opaque
data:
  ca.crt: "base64_ca_cert"
  tls.crt: "base64_server_cert"
  tls.key: "base64_server_key"

To base64 encode a PEM file and display the value in a single line for inclusion in this manifest, you can use the following command:

base64 --wrap=0 <file_name>

After applying the manifest, if you deployed it from the command line from a yaml file, you may want to delete the file after applying it, since it will contain the server certificate's private key.

In addition to providing a custom Secret object, you can also utilize a certificate management tool to automatically create and manage the Secret. For example, IBM Cloud® Secrets Manager could be used.